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What is claimed is: 

1 . A cryptographic feature enablement system comprising: 
a CPU; 

a bus operably and directly connected to said CPU; 

at least one non-volatile read/write memory operably connected to said bus 
and accessible by said CPU; 

a cryptographic chip having disposed therein at least one cryptographic 
system and algorithm, and further operably connected to said bus and accessible 
by said CPU; 

an encrypted token operably disposed within said at least one non-volatile 
read/write memory and further configured to contain initialization data for 
enabling a desired set of cryptographic capabilities corresponding to said 
cryptographic chip; 

system-specific information assigned to an individual system and readable 

by said CPU; and, 

a token decryption system operably disposed within said at least one non- 
volatile read/write memory configured to enable and use said cryptographic chip 
and said system-specific information to decrypt said encrypted token, and further 
configured to reconfigure said cryptographic chip in accordance with said 
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initialization data in said token and in accordance with said system-specific 
information. 

2. The cryptographic feature enablement system of claim 1 where said 
5 at least one non-volatile read/write memory comprises FLASH memory . 

3. The cryptographic feature enablement system of claim 1 where said 
system-specific information is the system's MAC address. 

10 4. The cryptographic feature enablement system of claim 3 where said 

MAC address is used to generate a private key. 

5. A method for initializing cryptographic functionality in a system, the 
method comprising: 
15 starting the boot process in a system; 

using said system's system-specific information to generate a key; 
decrypting an encrypted token using said key; 

establishing if said decrypted token is useable for a cryptographic chip in 
said system; 

20 initializing said cryptographic chip in relationship to said decrypted token if 

said decrypted token is operable for a cryptographic chip in said system; and, 
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initializing said cryptographic chip in accordance with a default if said 
decrypted token is not usable. 

6. The method of claim 5 where said default initialization is to 
5 immediately bring the system back down. 

7. The method of claim 5 where said default initialization is to bring 
the system up with no cryptographic capabilities enabled. 

IQ 8. The method of claim 5 where said system-specific information is 

said system's MAC address. 

9. A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by a machine for initializing 
15 cryptographic functionality in a system, the method comprising: 
starting the boot process in a system; 

using said system's system-specific information to generate a key; 
decrypting an encrypted token using said key; 

establishing if said decrypted token is useable for a cryptographic chip in 
20 said system; 

initializing said cryptographic chip in relationship to said decrypted token if 
said decrypted token is operable for a cryptographic chip in said system; and, 
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initializing said cryptographic chip in accordance with a default if said 
decrypted token is not usable. 

1 0 . The method of claim 9 where said default initialization is to 
5 immediately bring the system back down. 

1 1 . The method of claim 9 where said default initialization is to bring 
the system up with no cryptographic capabilities enabled. 

10 12. The method of claim 9 where said system-specific information is 

said system's MAC address. 

13. A system for initializing cryptographic functionality in a system, the 
system comprising: 
15 means for starting the boot process in a system; 

means for using said system's system-specific information to generate a 

key; 

means for decrypting an encrypted token using said key; 
means for establishing if said decrypted token is useable for a 
20 cryptographic chip in said system; 


21 


CISCO-3479 

means for initializing said cryptographic chip in relationship to said 
decrypted token if said decrypted token is operable for a cryptographic chip in said 
system; and, 

means for initializing said cryptographic chip in accordance with a default 
if said decrypted token is not usable. 

14. The system of claim 1 3 where said default initialization is to 
immediately bring the system back down. 

15. The system of claim 1 3 where said default initialization is to bring 
the system up with no cryptographic capabilities enabled. 

16. The system of claim 13 where said system-specific information is 
said system's MAC address. 

17. A method for installing cryptographic initialization data in a system 
for use during system booting, the method comprising: 

identifying the system-specific information of said system; 
generating at least one key using said system-specific information; 
using one key of said at least one keys to encrypt a token, where said token 
comprises cryptographic initialization data applicable to said system; and, 
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writing said encrypted token in non-volatile memory in said system, where 
said non-volatile memory is configured to be accessible by a CPU in said system 
during system initialization. 

18. The method of claim 17 where said non- volatile memory is FLASH 
memory. 

1 9 . The method of claim 1 7 where said generation of at least one key 
further comprises generating a public key and a private key, and choosing said 
public key to encrypt said token and choosing said private key to use for 
decrypting said token. 

20 . The method of claim 1 7 where said system-specific information is 
said system's MAC address. 

21. A program storage device readable by a machine, tangibly 
embodying a program of instructions executable by a machine for installing 
cryptographic initialization data in a system for use during system booting, the 
method comprising: 

identifying the system-specific information of said system; 
generating at least one key using said system-specific information; 
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using one key of said at least one keys to encrypt a token, where said token 
comprises cryptographic initialization data applicable to said system; and, 

writing said encrypted token in non-volatile memory in said system, where 
said non- volatile memory is configured to be accessible by a CPU in said system 
during system initialization. 

22. The method of claim 2 1 where said non-volatile memory is FLASH 
memory. 

23 . The method of claim 2 1 where said generation of at least one key 
further comprises generating a public key and a private key, and choosing said 
public key to encrypt said token and choosing said private key to use for 
decrypting said token. 

24. The method of claim 2 1 where said system-specific information is 
said system's MAC address. 

25 . A system for installing cryptographic initialization data in a system 
for use during system booting comprising: 

means for identifying the system-specific information of said system; 
means for generating at least one key using said system-specific 
information; 
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means for using one key of said at least one keys to encrypt a token, where 
said token comprises cryptographic initialization data applicable to said system; 
and, 

means for writing said encrypted token in non-volatile memory in said 
system, where said non-volatile memory is configured to be accessible by a CPU 
in said system during system initialization. 

26. The system of claim 25 where said non- volatile memory is FLASH 
memory. 

27. The system of claim 25 where said means for generation of at least 
one key further comprises generating a public key and a private key, and choosing 
said public key to encrypt said token and choosing said private key to use for 
decrypting said token. 

28. The system of claim 25 where said system-specific information is 
said system's MAC address. 
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